All you need to know about ransomware attacks | Avoid malware attacks

What is malware and ransomware?

Malware is a general term for software that is harmful to a computer. It is designed to damage the computer or to disrupt access to it.

Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on it until a ransom is paid.

How does a computer become infected with ransomware?

In most cases, ransomware infects computers through links or attachments in phishing emails. Once the user clicks the link or opens the document, the computer is infected and the software takes over.

How does ransomware work?

The ransomware encrypts the data on the computer with an encryption key that only the attacker knows. The attacker then demands a ransom to decrypt your data; if you do not pay, you lose the data.

In most cases, the ransomware also changes the computer's wallpaper to show instructions for recovering your files, mostly about how much to pay and how to pay it.

How to avoid these ransomware attacks?

The first step is being cautious

Users should regularly back up their data and ensure that security updates are installed on their computer as soon as they are released.

Up-to-date backups make it possible to restore files without paying a ransom.

Users should also watch for phishing emails disguised as company mail or as messages from people they regularly interact with online.

We should avoid clicking on links or opening attachments in such emails or messages, since they could unleash malware.

How exactly did the WannaCry ransomware attack happen?

WannaCry, a crypto-ransomware also called WannaCrypt, affected around 200,000 computers spread across almost 74 countries.

The WannaCryptor 2.0 malware encrypts the data on a computer and displays a message asking the user to pay a ransom in Bitcoin to restore access to the device and the data on it.

Alarmingly, the attack also hit the UK's National Health Service, stalling surgeries and other critical patient care across the British Isles and making confidential patient information and documents inaccessible.

How was the attack ultimately brought under control, and what could the consequences have been otherwise?

The attack was brought under control by an 'accidental hero', a security researcher who discovered a hard-coded kill switch in the form of a domain name hidden in the malware. He registered the domain for $10.69, which triggered thousands of pings from affected devices (the malware checked for that domain and stopped running once it existed), thus killing the ransomware. The funny part is that he was not aware that registering the domain would stop the malware.

Had the kill switch not been discovered, millions of computers worldwide could have been locked within a few days, affecting all kinds of services globally.

Many surgeries were reported to have been postponed, X-rays cancelled and ambulances called back within hours of the attack, and that was just in the UK, where at least 40 NHS hospitals were affected.

It had long been feared that an attack of this nature could bring public services or transport systems to a halt, forcing the government to pay a huge ransom to restore normal service.

Who was behind the attack and what was their motivation?

It is not known yet.

However, it is widely accepted that the hackers used the 'EternalBlue' exploit created by the United States' National Security Agency (NSA). It was created to gain access to Microsoft Windows computers used by terrorist outfits and enemy states.

What can you do to protect yourself in the digital world?

The least you can do is stop clicking links you don't trust and stop downloading software from unknown sources.

F-Secure highlights the need for a four-phase approach to cyber security: Predict, Prevent, Detect and Respond.
Predict by performing an exposure analysis;
Prevent by deploying a defensive solution to reduce the attack surface;
Detect by monitoring infrastructure for signs of intrusion or suspicious behaviour; and
Respond by determining how a breach happened and what impact it has on systems.
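As an added illustration of two points on this page, that encrypted files are unrecoverable without the attacker's key and that the Detect phase means watching for suspicious behaviour, here is a small Python example written for this article (it is not code from F-Secure or from any WannaCry analysis). It flags files that should contain plaintext but whose contents have become statistically indistinguishable from ciphertext; the file paths, contents and the 7.5 bits-per-byte threshold are constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Text and office documents usually score 4-6 bits per byte; ciphertext
# (and compressed data, a known source of false positives) approaches 8.0.
ENTROPY_THRESHOLD = 7.5  # assumed value; tune against your own file corpus
# Extensions whose contents are normally low-entropy plaintext.
PLAINTEXT_EXTENSIONS = (".txt", ".csv", ".log", ".xml", ".json")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when the bytes are statistically indistinguishable from ciphertext."""
    return shannon_entropy(data) >= threshold

def scan_files(files: dict[str, bytes]) -> list[str]:
    """Paths (sorted) of files that should be plaintext but now look encrypted.
    `files` maps path -> current contents, so the check runs on an in-memory
    snapshot and never touches the real disk."""
    return sorted(
        path for path, data in files.items()
        if path.lower().endswith(PLAINTEXT_EXTENSIONS) and looks_encrypted(data)
    )

def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for an encrypted file body (a SHA-256 chain)."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]

# Constructed sample snapshot: two untouched documents and one file the
# ransomware has already overwritten in place with ciphertext.
SAMPLE_FILES = {
    "reports/q1.txt": b"Quarterly report: revenue up 4%, costs flat.\n" * 40,
    "data/customers.csv": b"id,name,city\n1,Alice,Pune\n2,Bob,Delhi\n" * 50,
    "reports/q2.txt": pseudo_ciphertext(b"constructed-seed", 2048),
}

if __name__ == "__main__":
    for path, data in SAMPLE_FILES.items():
        print(f"{path}: {shannon_entropy(data):.2f} bits/byte")
    print("suspicious:", scan_files(SAMPLE_FILES))  # ['reports/q2.txt']
```

A real monitor would run this over files as they change and alert on a sudden burst of such hits, which is the behaviour a mass-encryption run produces; a backup that predates the alert is what makes recovery possible without paying.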